Sunday, January 13, 2008

One of the major problems facing WoW today is the proliferation of keyloggers and hacked accounts. With the introduction of Guild Banks, hacked accounts are an even greater security risk. It's a very hard problem for Blizzard to solve, because the player's computer is already compromised by the time World of Warcraft is started up. I imagine that Blizzard's Warden already looks for known hacks and keyloggers, but they'll always be a step behind.

The best way for people to avoid having their account hacked is to be rigorous about their computer security. But sometimes people make mistakes. So what are some other ideas that Blizzard could implement that would help security?

Here are three ideas that I had that could help stem the tide of hacked accounts:

Remove hyperlinks from the WoW Forums

The WoW forums are one of the main vectors of keylogger transmission. It's compounded by the fact that your account and password for the forums are the same as the ones for your game. Most people will not take the extra effort to cut and paste a link rather than just clicking on it. So the lack of hyperlinks will probably cut the spread of a keylogger infection significantly.

The price here, of course, is that you wouldn't be able to link to other useful sites. I personally get a fair number of hits from the link in my signature on the forums. So you would damage the "eco-system" of WoW websites.

Make the user select a secret image upon logging in

A password is just text. You can detect someones password by detecting the keys pressed. There is a one-to-one correspondence between a key and a letter. Every time you type your password, it is the same. So we need something that is harder to detect than a straight key press.

One idea is to have the user select a secret image when setting the original password. Then when logging in, you type your password and choose an image from an array of possibilities. The location of the image changes each time. All you can really tell from outside the program is the exact co-ordinates of the mouse-click.

Since the image's location will change each time, the co-ordinates of the mouse-click will change each time, and it will become harder for a keylogger to capture the necessary information to access the account.

Safe Mode

Have World of Warcraft create a "signature" of the physical machine used to create the account for the first time. This signature would be derived from the physical characterstics of the machine including things like the processor, amount of ram, hardware installed, etc.

When a computer connects to the account, its signature is compared to the signature on file. If the signature is different, the account starts up in "Safe Mode". In Safe Mode you wouldn't be allowed to do stuff like sell or disenchant soulbound blues and epics, spend more than 100 gold, or withdraw items from the bank. Guild officers would not be able to invite, promote, or remove people from the guild.

The idea here is that WoW is basically saying, "Hey, this isn't your normal computer, so I'm going to be very suspicious." Of course, people will occasionally play from different computers, or a laptop, so you can't prevent them from logging in entirely.

As well, you would need some mechanism for changing the computer signature on file for when people get new computers or upgrade. In many ways, this idea is similar to Microsoft's Windows Genuine Advantage, and it will have the same issues that system has.

Anyways, those are three ideas I had which could help stem the problem of hacked accounts. I don't think that there is anything (short of banning asymmetric trades, which I think is overkill), that Blizzard could do to eliminate the problem entirely. The point of weakness that allows for the installation of keyloggers and computer hacks lies outside Blizzard's control.

None of your proposed solutions actually improve security, because they (at best) address symptoms, not the cause. They are simply security theatre: they only show that something is being done, even if that something is ineffective at best.

First, the hyperlinks in forums: The problem is not that people click hyperlinks, it's that their computers can be infected just by doing that. This is not Blizzard's problem. It's primarily the browser vendors' problem, and secondarily anti-virus vendors' problem. Blizzard's site is not the only site where malicious people post links to keyloggers, far from it. BTW, Clicking vs copy-pasting is a moot point, since Blizzard's forums do not allow you to disguise a hyperlink in any way. What you see is what you get. You yourself admit that forbidding hyperlinks carries a significant cost. Are you sure it's worth it?

Secret image: If the attacker has such access to the target computer that he run code in kernel mode and thus can splice into peripheral I/O and record keystrokes, he most definitely has enough access to record video as well. This only hinders legitimate users while offering no real security against attackers. Giving something for nothing is not a trade-off you want to make.

Finally, the "safe" mode. While it may offer some security gains, it's also a huge hassle for both Blizzard's customer service and more importantly, the customers themselves. The minor security benefit (which can be sidestepped by virtualization), is miniscule compared to the huge number of people who have multiple computers and/or upgrade their computers.

Forum links could be disabled for all but a list of sites deemed safe by the forum mods.

The secret image method is just hobbled two-factor authentication. Truly secure two-factor would use a username (password optional) to log in initially and then a random character/number sequence sent to the user via email/sms. Email/sms would be like getting an "account activation" email every time you tried to log into a website, not just when you create your account.

They could create and distribute a linux native client...That would offer many of us additional protections and I could dump windows. (sorry, WINE is too much work to set up properly for playing wow. I work on configuration all day, I don't want to do it when I'm playing too).

I like your idea for #2. The government uses a similar technique for managing personnel pay. I know people say not to use Auto-updaters for WoW addons but I do. I also, virus scana nd run AdAware after I do my updates.

My guild officers are afraid I'm going to be hacked but I am very careful of any executable run on my machine.

I got a simple solution to most of the dangers of the internet; a firefox plug-in called no-script.It initially blocks all scripts on a website, until you put the script and it's source on the whitelist (with the click of a button). I only let the main site's scripts run, and all banners,adds and suspicious scripts remain off. Using hitman pro I had only 1 infection in over half a year ^^

Real security is layered. First layer is not downloading or clicking on strange stuff. Second layer is your Anti-virus security software. Third layer is the OS. Fourth layer is Blizzard's stuff. You should always assume that the previous layers can be broken. Blizzard can't control what Microsoft does or does not fix, and that doesn't absolve them of the responsibility to do what they can.

The WoW forums are an extremely potent transmission vector for WoW keyloggers. There's a large audience, 99% of which plays WoW. Your login is the same as your WoW login, so once you have that, a keylogger can easily post links and propogate the its spread. There is no other forum which is as perfect as the WoW forums. Other sites have much smaller audiences, and may use different logins and passwords. That inhibits the spread of the keylogger infection.

Finally, the pictures idea is not two-factor authentication, hobbled or otherwise. It's a slightly stronger form of one-factor authentication, specifically aimed at basic keyloggers. Recording keystrokes is very trivial. Recording video, or image recognition software, is less trivial. Two-factor authentication would require something you are, or something you have, which is impractical for an internet based application.

To be honest, I kind of liked Safe Mode the best. I think that most people, though not all, would play from the same computer all the time. And the restrictions I've put in Safe Mode would still allow you to play 95% of the game, and accumulate stuff. You just can't get rid of stuff.

Since occasionally you have decent content, and what seems to be a consistent viewer base, if you want me to make a "high end arena" ret article, I wouldn't mind sharing some experience. You seem to be really gun-ho on Paladins as a hybrid, and, for the first time in a long while I actually feel like one, rather than a healer / cleanser.

I never really considered Ret as a viable spec until today. I always compared Ret Paladins to other melee classes, and in that regard they fall short. No interrupt, no snare, no healing debuff etc. etc. I'm sure you've heard it all before. After a few games however, I can see how Paladins can still play support as Ret, and the things that make Holy so strong are still there.

Also, right now on the WoW Guild Relations forum, there's a thread about someone who logged onto an ex-guildmate's account and sharded all their gear. Or if a couple breaks up and one of them knows the other's account info.

Now, it's easy to say that you just shouldn't share your account info, but a Safe Mode predicated on the physical signature of your computer would help prevent this kind of stuff from happening.

Popular theme this. I just finished my blogpost on the matter herehttp://noobding.blogspot.com/2008/01/on-hacks-and-keyloggers.html

(don't worry keylogger free :P)

So for those suffering from paranoia check for a few options what you can do right now to help reduce the risk of keyloggers.

I do however like the idea of additional picture verification in WoW itself. The presence alone would put a damper on the use of the 'dumb' keyloggers at least on a temporary basis untill the hackers adjust to the new situation.

With a little luck methods like that will inflate the size of the keyloggers significantly. And the bigger they are and the more things they have to do the more easily they are detected.

Either way I wish all of you the best of luck fighting off these greedy endevours.

The true solution to this is for Blizzard to implement a keychain dongle with the game. You plug it into your usb jack when you want to play. The dongle is unique to your account and is required to login to your account. Other software vendors have used this in the past relatively successfully even though normally they use it to prevent piracy rather than keylogging.

The cost to implement this feature is not low however which is the true reason that Blizzard has not implemented it. Some people absolutely hate the idea as well.

I like the picture idea, but once the keylogger has your password, he just tries it with every picture. But we could lock out the account after a few tries. Hmm... 9 million customers clicking wrong once in while, that's a support nightmare I would not want to face.

How about extending that idea to the whole keyboard? Like done here: https://www.treasurydirect.gov/RS/BPDLogin?application=rs

I used to play Runescape for a long time (I AM NOT ASHAMED!!!) and a recent addition (well it was recent the last time I played which was a few years ago) was a new login system. To access your bank, you had to put in a 4-digit PIN. Once you unlocked your bank with that PIN, you wouldn't have to enter your pin again for the rest of that session. I think you could also set it to require the PIN every time you tried to access the bank, regardless of whether or not you already had done so before during that session. The important part was that it was not a typed PIN, but it was a 3x3 clickable square, and every time you clicked a number, the numbers were randomly moved about, so unless your hacker has a program running a video screen capture on your computer (which is highly unlikely :P), nobody can access your bank.

Of course that doesn't help the items in your inventory, or all your gold, or all your currently-equipped items, but it's still a step in the right direction. I also think that numbers would be a lot easier to remember than pictures (at least for me, but thats just how my brain works).

Like Shalkis said, a lot of the problem comes from other sources. People running un-updated, and just generally unsafe operating systems. People using unsafe browsers (Internet Explorer ftl...get Firefox or even better Opera...man I love Opera).

I have a mac and I run Opera, so generally if I know something I'm about to click is a keylogger/virus/spyware/whatever, I can click it anyway and nothing happens. I just get an error message telling me that what I just clicked isn't what it's supposed to be.

Having to check your computer for viruses and keyloggers on a daily or even weekly basis seems ridiculous to me. I've successfully operated a PC for the past 8 years without any troubles at all with viruses, spyware, etc. But thats because I know what to look for, how to avoid those things, and I'm the only one to ever use the computer.

Safe Mode just seems ridiculous, and causes more problems than it solves.

Running Linux is also a great option for WoW players on PCs, if they're up for the task.

Also, don't think that having a new browzer (like Firefox, which isn't super-new anymore) keeps you safe. There are hackers working on exploits for every different browzer our there, and the only way you can avoid them is to find the most reliable and impenetrable browzer that still fits your needs as a patron of the internet.

I don't think the cost of a security dongle would be a big issue. Blizzard would be producing a massive quantity (~4 million), and that will drive costs down to a trivial level.

However, the support issues would be a massive headache. People are going to lose their dongle, have it stolen, forget it elsewhere, and god knows what else. I think it would cause significant support issues, and that is what would hold back Blizzard adopting a physical token.